There’s no reason to use WEP. If you have an ancient router that only supports WEP, you should upgrade it right now. If you have an older device that only supports WEP, you should upgrade it, too. Every recent device should support stronger WPA encryption.

WPA vs. WPA2

WPA is the newer Wi-Fi security standard. WPA stands for “Wi-Fi Protected Access.” There are two versions of WPA — WPA and WPA2. WPA was implemented first as a temporary solution for devices that originally only supported WEP. These devices could be upgraded to WPA encryption for additional security, allowing them to escape WEP and its many flaws. The original WPA was always a stop-gap solution and just isn’t as secure as WPA2.

WPA2 is the final version of Wi-Fi Protected Access. It’s the most secure option available and the one you should be using. If you have a router or another device that only supports WEP and WPA, it’s probably very old and you should upgrade. New devices that are properly set up for security should be using WPA2 out of the box. Note that there are two versions of WPA2 you can choose from, which we’ll cover below.

WPA2-Personal or WPA2-PSK

The PSK in WPA2-PSK stands for Pre-Shared Key. This is also known as Personal mode. It’s intended for homes and small office networks, as it’s a much easier option to set up than the alternative, which we’ll look at below.

Your wireless router encrypts network traffic with a key. With WPA-Personal, this key is calculated from the Wi-Fi passphrase you set up on your router. Before a device can connect to the network and understand the encryption, you must enter your passphrase on it.

WPA2 is still fairly secure, but it’s not perfect. Some potential vulnerabilities have been found, but they’re nowhere near as easy to exploit as they are with WEP. Your main concern should be enabling WPA2-Personal on your home network and setting a strong passphrase.
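How the key is calculated from the passphrase, as an added example that is not part of the original article: IEEE 802.11i derives a 256-bit master key by running PBKDF2-HMAC-SHA1 over the passphrase with the network name (SSID) as salt. The function names and the "HomeNet"/"GuestNet" values are assumptions made for illustration.

```python
import hashlib

PMK_ITERATIONS = 4096   # iteration count fixed by IEEE 802.11i
PMK_LENGTH = 32         # 256-bit pairwise master key (PMK)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit master key for a WPA/WPA2-Personal network."""
    # The standard allows 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    # PBKDF2-HMAC-SHA1 with the network name as the salt.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt,
                               PMK_ITERATIONS, PMK_LENGTH)


def same_key(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True if two networks sharing a passphrase end up with the same key."""
    return derive_pmk(passphrase, ssid_a) == derive_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())

    # Constructed sample values. Every device that knows the passphrase and
    # the SSID computes the same master key; per-session encryption keys are
    # then derived from it during the connection handshake.
    sample = "correct horse battery staple"
    print(same_key(sample, "HomeNet", "HomeNet"))
    print(same_key(sample, "HomeNet", "GuestNet"))

    # Passphrases shorter than 8 characters are not valid in Personal mode.
    try:
        derive_pmk("short", "HomeNet")
    except ValueError as exc:
        print("rejected:", exc)
```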

WPA2-Enterprise or WPA2-802.1X

WPA2-Enterprise is also referred to as WPA2-802.1X mode because of the standard it implements. The Enterprise in the name is no joke — this is a solution that’s intended for enterprise networks as it requires more hardware and is more difficult to set up and maintain.

To use WPA2-Enterprise, you’ll need a RADIUS authentication server. RADIUS stands for Remote Authentication Dial In User Service. To authenticate with such a server, a variety of Extensible Authentication Protocol (EAP) methods can be used. After connecting to the Wi-Fi network, each client would have to log in with a username and password. Traffic to each client would be encrypted with a unique encryption key which isn’t derived from a pre-shared key. This is more secure than simply deriving a key from the same pre-shared key on each device. This also allows network administrators to monitor who’s connecting to the network and revoke access to specific users at any time without affecting other users.

Large businesses should implement WPA2-Enterprise for additional security, but there’s no reason home users and small businesses should set up WPA2-Enterprise. It’s much more complicated to set up and manage a RADIUS authentication server than it is to simply set a wireless passphrase on your router.

So Which Is Truly Secure?

The most secure way to set up a Wi-Fi network is with WPA2-Enterprise, so if you run a Wi-Fi network for a large business, you should be setting up a RADIUS authentication server.

Of course, you probably only have a small Wi-Fi network to manage. For regular people and small businesses, WPA2-Personal is the ideal encryption option to use. WPA2-Personal along with a strong passphrase will provide you with very good security.

WEP is very easy to crack and should not be used for any purpose.

But is WPA2 really good enough? Well, security isn’t about absolutes. Saying WPA2-Enterprise is more secure than WPA2-Personal is like saying a bank vault door is more secure than the door on your house or apartment. It’s true, but that doesn’t mean you should replace your front door with a bank vault door: it’s more expensive and difficult to manage, just like a RADIUS authentication server. Besides, the bank needs protection from bank robbers, just as Wi-Fi networks at large corporations need more protection from corporate espionage and criminals going after high-value targets.

In the real world, WPA2-Personal with a strong passphrase is plenty secure.

@Ancrypt:
Use MAC filtering to exclude all MAC addresses except the ones you know. You should use any method that makes it more difficult for hackers or war drivers to access your network. Having said that, you need to understand that MAC filtering will not deter for long anyone really intent on breaking into your network.

WEP is pronounced "weep" because that is what you do after your WiFi is compromised.

Even passphrases can eventually be found if you were to try every combo of keys; it would take a very long time, but it's not impossible. WEP is a joke! I was able to get past my own router's WEP key in under 1 min! I think WEP will be phased out in a few years, so it will be harder for some people to get free wifi!